A distributed denial of service (DDoS) attack on DNS provider Dyn last week managed to disrupt an array of the internet’s biggest websites, including Spotify, Twitter, and PayPal.
What was most interesting about this attack was that it was largely carried out using an Internet of Things (IoT) botnet called Mirai (Linux.Gafgyt).
Q: How does Mirai work?
A: Mirai works by exploiting the weak security on many IoT devices. It operates by continuously scanning for IoT devices that are accessible over the internet and are protected by factory default or hardcoded user names and passwords.
Q: What devices are at risk of exploitation/infection?
A: Routers, DVRs, CCTV cameras, and any other ‘smart’, internet-connected appliances are at risk of attack.
Q: How are device manufacturers responding?
A: The Chinese electronics firm behind many of the webcams used in the attack on Dyn’s services, XiongMai Technologies, issued a recall for many of its devices following the attack.
Q: Can a Mirai infection be removed?
A: Devices that become infected with Mirai can be cleaned by restarting them. However, because the botnet scans for devices constantly, vulnerable devices can become re-infected within a matter of minutes of going back online unless the default credentials are changed.
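The scanning and re-infection behaviour described above leaves a recognisable trace in device login logs: one source failing logins on several devices within a short time. The following detection sketch is an added example, not part of the original article or any Symantec tooling; the log format, the sample lines and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, assumed format: time device source-IP user result
SAMPLE_LOG = """\
2024-01-15T11:10:01 cam-01 203.0.113.7 root FAIL
2024-01-15T11:10:03 cam-01 203.0.113.7 admin FAIL
2024-01-15T11:10:04 dvr-02 203.0.113.7 root FAIL
2024-01-15T11:10:06 dvr-02 203.0.113.7 admin OK
2024-01-15T11:10:09 router-03 203.0.113.7 root FAIL
2024-01-15T11:12:00 cam-01 198.51.100.20 operator FAIL
2024-01-15T11:40:00 cam-01 198.51.100.20 operator OK
"""

# Assumed thresholds; tune them to the normal login noise of your network.
WINDOW = timedelta(seconds=60)
MIN_FAILS = 3     # failed logins from one source inside WINDOW
MIN_DEVICES = 2   # spread over at least this many devices

def parse(log):
    """Yield (time, device, source, user, result); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:
            ts, device, src, user, result = parts
            yield datetime.fromisoformat(ts), device, src, user, result

def find_sweeps(log):
    """Map each sweeping source IP to the devices it probed and got into."""
    by_src = defaultdict(list)
    for ev in sorted(parse(log)):
        by_src[ev[2]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[4] == "FAIL"]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e[0] - first[0] <= WINDOW]
            probed = {e[1] for e in burst}
            if len(burst) >= MIN_FAILS and len(probed) >= MIN_DEVICES:
                end = burst[-1][0] + WINDOW
                # A success from the sweeping source means a guessable login worked.
                entered = {e[1] for e in evs if e[4] == "OK" and first[0] <= e[0] <= end}
                findings[src] = {"probed": probed, "entered": entered}
                break
    return findings

if __name__ == "__main__":
    for src, f in find_sweeps(SAMPLE_LOG).items():
        print(src, "probed", sorted(f["probed"]), "entered", sorted(f["entered"]))
```

Any device listed under "entered" should be treated as infected: restart it and change its credentials before it goes back online, since a restart alone leaves it open to re-infection.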
Q: What can I do to protect my devices and prevent them from becoming infected?
A: Symantec Security Response has the following tips to protect your IoT device from becoming infected with malware.
Article by Symantec Security Response.